Deep-Security-Professional Trend Micro Certified Professional for Deep Security Exam Questions and Answers

The Heartbeat interval value displayed in this policy is inherited from the parent policy

Deep Security Agents using the displayed policy will send event details to Deep Security Manager every 5 minutes.

All Deep Security Agents will send event details to Deep Security Manager every 5 minutes.

Deep Security Manager will refresh the policy details on the Deep Security Agents using this policy every 5 minutes.

IntelliScan is a method of identifying which files are subject to malware scanning as determined from the file content. It uses the file header to verify the true file type.

IntelliScan is a mechanism that improves scanning performance. It recognizes files that have already been scanned based on a digital fingerprint of the file.

IntelliScan reduces the risk of viruses entering your network by blocking real-time compressed executable files and pairs them with other characteristics to improve mal-ware catch rates.

IntelliScan is a malware scanning method that monitors process memory in real time. It can identify known malicious processes and terminate them.

Custom Log Inspections rules can be created using the Open Source Security (OSSEC) standard.

Deep Security Manager collects Log Inspection Events from Deep Security Agents at every heartbeat.

The Log Inspection Protection Module is supported in both agent-based and agentless environments.

Scan for Recommendations identifies Log Inspection rules that Deep Security should implement.

Deep Security Relays distribute load to the Deep Security Manager nodes in a high-availability implementation.

Deep Security Relays forward policy details to Deep Security Agents and Virtual Ap-pliances immediately after changes to the policy are applied.

Deep Security Relays maintain the caches of policies applied to Deep Security Agents on protected computers to improve performance.

Deep Security Relays are responsible for retrieving security and software updates and distributing them to Deep Security Manager, Agents and Virtual Appliances.

Intrusion Prevention rules can block unrecognized software from executing.

Intrusion Prevention rules check for the IP addresses of known malicious senders within a packet

Intrusion Prevention rules can detect or block traffic associated with specific applica-tions, such as Skype or file-sharing utilities.

Intrusion Prevention rules monitor the system for changes to a baseline configuration.

The Application Control Protection Module has been disabled at the Base Policy level and is not displayed in the details for child policies.

The Application Control Protection Module is only supported on Linux computers, the policy details displayed are for Windows computers only.

An Activation Code for the Application Control Protection Module has not been pro-vided. Unlicensed Protection Modules will not be displayed.

The Application Control Protection Modules has not been enabled for this tenant.

A Reset operation generates Event information that can be used to troubleshoot Agent-to -Manager communication issues.

A Reset operation forces an update to the Deep Security Agent software installed on a managed computer.

A Reset operation forces the Deep Security Agent service to restart on the managed computer.

A Reset operation wipes out any Deep Security Agent settings, including its relationship with Deep Security Manager.

The administrator could install a Deep Security Agent on the server hosting the Win-dows Server 2016 database and enable the Integrity Monitoring Protection Module. A rule can be assigned to monitor the Windows SQL Server for any modifications to the server, with Alerts enabled.

The administrator could install a Deep Security Agent on the server hosting the Win-dows Server 2016 database and enable the Log Inspection Protection Module. A rule can be assigned to monitor the Windows SQL Server for any critical events, with Alerts enabled.

The administrator could install a Deep Security Agent on the server hosting the Win-dows Server 2016 database and enable the Intrusion Prevention Protection Module. A Recommendation Scan can be run and any suggested rule can be assigned to monitor the Windows SQL Server for any vulnerabilities, with Alerts enabled.

This can not be achieved using Deep Security. Instead, the administrator could set up log forwarding within Window SQL Server 2016 and the administrator could monitor the logs within the syslog device.

In the example displayed in the exhibit, no activation code was entered for Application Control. Since the Protection Module is not licensed, the corresponding settings are not displayed.

These settings are used when both an host-based agent and agentless protection are available for the virtual machine. Since Application Control is not supported in agentless installations, there is no need for the setting.

In the example displayed in the exhibit, the Application Control Protection Module has not yet been enabled. Once it is enabled for this virtual machine, the corresponding settings are displayed.

In the example displayed in the exhibit, the VMware Guest Introspection Service has not yet been installed. This service is required to enable Application Control in agentless installations.